Transferring electronic content

ABSTRACT

A method and apparatus for transferring electronic content. The method and apparatus include providing electronic content to a first user, providing the first user with a key packet, the key packet including a decryption key and content rights information, transferring the electronic content and the key packet from the first user to a second user and rendering rights of the first user to the electronic content unusable upon transfer of the electronic content and the key packet from the first user to the second user.

RELATED APPLICATION INFORMATION

The present application is a continuation of U.S. patent application Ser. No. 10/399,747, which is a filing under 35 USC §371 of PCT/IL01/00631, filed on 10 Jul. 2001, which claims priority from Israel Patent Application No. 139251, filed 24 Oct. 2000, and from U.S. Provisional Patent Application Ser. No. 60/274,998, filed 12 Mar. 2001.

FIELD OF THE INVENTION

The present invention relates generally to methods for transferring electronic content received from an electronic delivery source, from one user to another user or back to the source.

BACKGROUND OF THE INVENTION

Many kinds of electronic content are delivered over the Internet, such as articles, catalog pages, electronic books, music, etc. For example, VERSAWARE.COM provides consumers with electronic library capability, wherein the consumer can store data culled from reference books, encyclopedias, almanacs and the like. Many systems require the consumer to purchase the content or at least pay for use of the content. In such cases, downloading of the content is usually secured by an encrypted link.

When a consumer buys a tangible item, for example, a book or souvenir from a store, the consumer can transfer the item to another consumer, such as by selling, lending or renting the item. However, when a consumer purchases or pays for the use of electronic content, many kinds of electronic delivery systems prevent the consumer from transferring the content to another.

The following example is a classic case in point. A university student typically purchases text books at the beginning of a semester, and resells the books, either back to the store or to another student, usually at a lower price. If the student drops out of the course for some reason, is perhaps dissatisfied with the particular book, or has never even read the book, he/she can usually return the book to the store. However, the situation is different in the event that a student downloads an electronic book from the web. First, as mentioned above, the electronic delivery system generally prevents the student from transferring the content to another person. Second, even if the student did not read or use the electronic content, it is not generally possible to return the content to the provider and receive one's money back.

Systems are known in the prior art for protecting against unauthorized distribution of documents that were received by a consumer from an electronic content provider. European Patent EP 999488, assigned to XEROX Corporation, describes a system for creating a self-protected document, and which prevents users from obtaining a useful form of an electronically distributed document during the decryption and rendering processes. The system has a polarization key which is used by a polarizer to transform the document to a version having polarized contents. The polarization key represents a combination of data elements taken from the user system's internal state, such as the date and time of day, elapsed time since the last keystroke, the processor's speed and serial number, and any other information that can be repeatably derived from the user system. Time-derived information may also be included in the polarization key so that interception and seizure of the polarized contents is rendered useless.

Published PCT patent application WO 00/08909, assigned to IBM Corporation, describes a secure digital content distribution system that decrypts a decryption key from an encrypted decrypting key. The decrypted decrypting key is transferred to another system. The secure digital content distribution system is capable of communicating with another system which is capable of receiving data encrypted with the encryption key and the encrypted encryption key. The system enables making digital content available to a wide range of users and businesses while ensuring protection and metering of digital assets. The system includes rights management to allow secure delivery, licensing, authorization, and control of the usage of digital assets. The system provides retailers of electronic content a way to differentiate themselves from each other and the content owners when selling music through electronic distribution.

In the WO 00/08909 system, a clearinghouse is maintained by the system for the management of the electronic content (see pages 52-53 of WO 00/08909, entitled “A. Overview”). Content rights may be transferred by electronic digital content stores, content providers or by authorized end-user devices. However, every transfer of rights, even from one authorized end-user device to another, must always be authorized by and transacted through the clearinghouse. It is not possible for an authorized end-user device to transfer content rights independently of the clearinghouse.

SUMMARY OF THE INVENTION

The present invention seeks to provide novel methods for transferring electronic content received from an electronic delivery source, from one user to another user or back to the source, without having to enact the transaction via a clearinghouse or other central authority. The present invention uniquely enables electronic content transfer from one user by means of “chaining”.

The term “chaining”, as used in the present specification and claims, refers to transferring the electronic content plus a packet of information, herein referred to as a key packet, from a first user entity to a second user entity. The key packet includes, for example and inter alia, one or more encrypted keys, preferably comprising one or more decryption keys encrypted according to at least one appropriate key encryption key, and content rights information. The key packet is preferably transferred from a first user entity to a second user entity, wherein the first user entity's rights to the content and key packet information are rendered unusable upon creation of a new key packet and its transfer to the second user entity.

As is well known in the art of encryption and decryption, keys which are used primarily to encrypt other keys are known as “key encryption keys”. Throughout the present specification and claims, keys which are used primarily to encrypt other keys, even if used also for other purposes, will be referred to as “key encryption keys”.

In a preferred embodiment of the present invention, the first user entity can repeatedly send the key packet or packets, so that in a case of communication failure, the second user entity can request the key packets again. In general, after transfer of the newly encrypted content and key packet, the first user entity deletes its now unusable key packet or content. In one preferred embodiment of the present invention, the method does not require irrevocable proof that the second user entity has received the content, nor does it require subsequent deletion of the content or key packets; in other preferred embodiments, irrevocable proof and/or subsequent deletion may be required.

The communication line from the first user entity to the second user entity does not need to be secure. Instead, the present invention preferably uses a security device, most preferably a smart card, to secure the transfer of the content and key packet from the first user entity to the second user entity. The communication between the two users is secured by using a key derived for that communication session from a secure protocol to encrypt the data such that it can neither be forged nor intercepted by a third party.

There is thus provided in accordance with a preferred embodiment of the present invention a method for transferring electronic content, including providing electronic content to a first user, providing the first user with a key packet, the key packet including a decryption key and content rights information, transferring the electronic content and the key packet from the first user to a second user, and rendering rights of the first user to the electronic content unusable upon transfer of the electronic content and the key packet from the first user to the second user. The electronic content may be provided to the first user from a content provider or from a previous user.

In accordance with a preferred embodiment of the present invention the method further includes rendering rights of the first user to the key packet unusable upon transfer of the electronic content and the key packet from the first user to the second user.

Further in accordance with a preferred embodiment of the present invention the electronic content and the key packet are stored in a first content reader and the step of transferring includes transferring the electronic content and the key packet from the first content reader to a second content reader.

Still further in accordance with a preferred embodiment of the present invention a security device is used to secure communication between the first and second content readers.

In accordance with a preferred embodiment of the present invention the security device includes a first smart card associated with the first content reader which communicates with a second smart card associated with the second content reader.

Further in accordance with a preferred embodiment of the present invention the step of rendering includes using the first smart card to mark the electronic content and key packet as being unfit for use by the first content reader.

Still further in accordance with a preferred embodiment of the present invention the first and second smart cards carry out a mutual authentication process so as to establish a secure session between the first and second content readers.

Additionally in accordance with a preferred embodiment of the present invention the mutual authentication process includes a mutual zero-knowledge interaction authentication process.

In accordance with a preferred embodiment of the present invention the method further includes sending a key encryption key from the second user to the first user, and creating a new key packet for the second user, the new key packet including a content decryption key at least partially encrypted with the key encryption key, and wherein the step of transferring includes transferring the new key packet to the second user.

In a preferred embodiment of the present invention, the content is sent without re-encryption: the same content decryption key is used by the second user as was used by the first user; the same content decryption key has been delivered to the second user encrypted with that second user's key encryption key.

Further in accordance with a preferred embodiment of the present invention the method includes re-encrypting the content using the second user's content encryption key. The second user's content encryption key may or may not be the same as the first user's content encryption key. The encryption may take place either within the smart card or within the first content reader.

Further in accordance with a preferred embodiment of the present invention the method includes using the second smart card to send an encryption key from the second user to the first user, and using the first smart card to create a new key packet for the second user, the new key packet including the electronic content and previous key packet at least partially encrypted with the encryption key, and wherein the step of transferring includes transferring the new key packet to the second user.

Still further in accordance with a preferred embodiment of the present invention the second smart card delivers a transfer request message to the first smart card prior to transferring the new key packet.

Additionally in accordance with a preferred embodiment of the present invention the step of sending an encryption key is performed during a mutual authentication process between the first and second smart cards.

In accordance with a preferred embodiment of the present invention the method further includes sending a unique user ID during a mutual authentication process between the first and second smart cards.

Further in accordance with a preferred embodiment of the present invention the encryption key is sent with the transfer request message.

Still further in accordance with a preferred embodiment of the present invention the transfer request message includes a unique identification of the electronic content.

Additionally in accordance with a preferred embodiment of the present invention the transfer request message includes an e-cash transfer in a mutually-agreed-upon amount.

In accordance with a preferred embodiment of the present invention the transfer request message includes a unique user ID.

Further in accordance with a preferred embodiment of the present invention if the second content reader sends a confirmation of receipt to the first content reader, the first content reader deletes the now-unusable key packet.

Still further in accordance with a preferred embodiment of the present invention if the second content reader sends a confirmation of receipt to the first content reader, the first content reader deletes the electronic content.

In accordance with a preferred embodiment of the present invention if the second content reader sends a confirmation of receipt to the first content reader, the first content reader deletes the new electronic content, encrypted according to the second user's content encryption key, and/or the new key packet. Alternatively, it is appreciated that the first content reader need not store the new electronic content, but may merely re-encrypt “on-the-fly” during transmission to the second content reader. Further alternatively, as also described herein, it is appreciated that re-encryption of the electronic content may be optional.

Further in accordance with a preferred embodiment of the present invention if a predetermined period of time has elapsed, the first content reader deletes the new electronic content and the new key packet.

Additionally in accordance with a preferred embodiment of the present invention if the second content reader requests the new key packet again from the first content reader, the first content reader resends the new key packet.

In accordance with a preferred embodiment of the present invention the second user is the content provider. Alternatively, the first user is the content provider.

Further in accordance with a preferred embodiment of the present invention the key packet is divided into a main packet and at least one dependent packet.

Still further in accordance with a preferred embodiment of the present invention information is stored as to whether the at least one dependent packet was accessed by the first user. A refund may be provided if the at least one dependent packet was not accessed by the first user.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention will be understood and appreciated more fully from the following detailed description, taken in conjunction with the drawings in which:

FIG. 1 is a simplified block diagram of a method for transferring electronic content, in accordance with a preferred embodiment of the present invention; and

FIG. 2 is a simplified flow chart of the method for transferring electronic content, in accordance with a preferred embodiment of the present invention.

DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT

Reference is now made to FIG. 1 which illustrates a method for transferring electronic content, in accordance with a preferred embodiment of the present invention.

A source 5 of electronic content 10, also referred to as a content provider 5, preferably delivers electronic content 10 plus a “key packet” 12 to a first content reader 14 of a first user. It is appreciated that the source 5 may, in an alternative preferred embodiment of the present invention, be associated with the first user and further may be comprised in or operatively associated with the first content reader 14; in the alternative preferred embodiment, the first user is thus identified with the content provider 5.

The electronic content 10 may be any material transferred as digital data, such as MP3 music, digitally recorded video, electronic book files, electronic files of unpublished patent applications, and the like. The key packet 12 is defined as a personal packet for the purpose of delivering one or more decryption keys 16 related to the electronic content 10, to one and only one user. Each decryption key 16 is preferably encrypted using a subscriber's key encryption key 18, such as a public key which has been issued by a key authority 20 to the first user. It is appreciated that, in order to produce the key packet 12 in a case where at least one of the decryption keys 16 is encrypted with the subscriber's key encryption key 18, the key authority 20 must also supply the key encryption key 18 to the content provider 5 or to another source (not shown) of the key packet 12; alternatively, it is well known in the art for public keys to be available such as, for example, from a public key server or directly from the owner of the public key. Appropriate key handling protocols for carrying out such transfers of the key encryption key 18 are well known in the art.

The key packet 12 preferably includes the encrypted decryption key 16, content rights information 22 and other optional metadata 24. The key packet 12 may be divided into a main packet and one or more dependent packets 26. For example, there may be one main packet for the title of the electronic content 10, plus dependent packets 26 for each segment or chapter. The decryption key 16 for the title is preferably used to decrypt the segment keys. Alternatively, the dependent packets may, for example, be encrypted with the key encryption key 18. It will be appreciated by persons skilled in the art that other alternatives are possible.

The first content reader 14 preferably comprises any appropriate electronic device capable of reading the inputted electronic content 10 and key packet 12, and providing a digital output to a second content reader 28. It is believed that, in a preferred embodiment of the present invention, the connection between the content readers 14 and 28 does not need to be secure. Rather, in a preferred embodiment of the present invention, security devices, most preferably a first smart card 30 and a second smart card 32, are used to secure the transfer of the content 10 and the key packet 12 from the first content reader 14 to the second content reader 28. Accordingly, smart card readers 15 and 29 are provided which are in electrical communication with first and second content readers 14 and 28, and are preferably housed together with first and second content readers 14 and 28.

As is well known in the art, the first smart card 30 and the second smart card 32 are preferably designed and programmed to carry out only operations which are authorized, such as, for example, operations which are authorized by a content owner. Thus, the first smart card 30 and the second smart card 32 are, at least to some extent, trusted devices which may be trusted to carry out their assigned operations and which may not usually be arbitrarily forced to carry out unauthorized operations by a user of the system of FIG. 1.

Reference is now made to FIG. 2 which illustrates in flow chart form a preferred method of the present invention. A first user acquires the electronic content 10 and key packets 12 from the source 5. The content 10 and key packet 12 are stored by first content reader 14. The first user wishes to transfer content 10 to a second user for a price mutually agreed upon or upon any other appropriate terms. The second user can be another “end user”, such as in a transaction between fellow students at a university. Alternatively, the second user can be the content provider 5 itself, such as in the case of returning unused or unread content back to the provider. First content reader 14 is preferably in electrical communication (wired or wireless) with second content reader 28 for the purpose of the transfer of information.

Smart cards 30 and 32 are respectively inserted in smart card readers 15 and 29. Smart card 30 preferably carries out a mutual authentication process with smart card 32, such as the so-called Fiat-Shamir mutual zero-knowledge interaction authentication methods taught in U.S. Pat. Nos. 4,748,668 to Shamir and Fiat, and 4,933,970 to Shamir, the disclosures of which are incorporated herein by reference. Smart cards 30 and 32 preferably establish a secure session between first and second content readers 14 and 28 using any standard or proprietary session protocol.
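A sketch of card-to-card mutual authentication using the textbook Fiat-Shamir identification rounds, added here for illustration; it is not the procedure of the cited patents and not code from this specification. The Card class, the directory of public values each side is assumed to trust already, and the demo modulus are constructed for the example.

```python
import secrets

# Constructed demo modulus: product of the Mersenne primes 2^127-1 and 2^89-1.
# Assumption: a deployment would use a large modulus whose factors no card knows.
N = (2**127 - 1) * (2**89 - 1)


class Card:
    """Hypothetical smart card holding a secret s and publishing v = s^2 mod N."""

    def __init__(self, name):
        self.name = name
        self._s = secrets.randbelow(N - 2) + 2  # secret kept inside the card
        self.v = pow(self._s, 2, N)             # public value
        self._r = None

    def commit(self):
        self._r = secrets.randbelow(N - 2) + 2
        return pow(self._r, 2, N)               # commitment x = r^2 mod N

    def respond(self, e):
        if self._r is None:
            raise RuntimeError("no open commitment")
        # Answering both challenges for one r would reveal s, so r is single-use.
        r, self._r = self._r, None
        return (r * pow(self._s, e, N)) % N     # response y = r * s^e mod N


def verify_round(v, x, e, y):
    # Reject x = 0, which would satisfy the equation for any v with y = 0.
    return x % N != 0 and pow(y, 2, N) == (x * pow(v, e, N)) % N


def prove(prover, expected_v, rounds=40):
    """Verifier's view: a card without the secret passes a round with chance 1/2."""
    for _ in range(rounds):
        x = prover.commit()
        e = secrets.randbelow(2)                # one-bit challenge
        if not verify_round(expected_v, x, e, prover.respond(e)):
            return False
    return True


def mutual_authenticate(card_a, card_b, directory, rounds=40):
    """Each card proves knowledge of its secret against the trusted directory."""
    return (prove(card_a, directory[card_a.name], rounds)
            and prove(card_b, directory[card_b.name], rounds))
```

The verifier learns only that the squares match, never the secret itself, and the session is accepted only when both directions succeed.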

Smart card 32 preferably delivers a transfer request message to smart card 30. The message preferably includes unique identification of the electronic content 10 and an e-cash transfer in a mutually-agreed-upon amount. A unique user ID 36 and a new key encryption key 38 of the second user (such as a public key which has been issued by a key authority to the second user, for example) are preferably transferred as part of the authentication protocol or secure session establishment between smart card 30 and 32. Alternatively, the ID 36 and key 38 may be included in the transfer request message.

It is noted that technology for transferring information from one smart card to another is well known and described, for example, in UK Patent 2311451, assigned to the present assignee/applicant, the disclosure of which is incorporated herein by reference. It is noted, however, that UK Patent 2311451 does not deal with chaining as defined hereinabove, rather with using one smart card to deactivate or activate another smart card.

First content reader 14 preferably creates a new key packet 40 and optionally, but not necessarily, a new electronic content 41 for second content reader 28 based upon a new key encryption key 38 of the second user. It is believed to be sufficient, in a preferred embodiment of the present invention, that the content key has now been re-encrypted with the new key encryption key 38, in the new key packet 40, such that the new electronic content 41 would be preferably identical to the electronic content 10.

The new key packet 40 preferably includes the same information as the key packet 12, including encrypted key 16 as noted above, comprising the original key 16 re-encrypted for the second user with the second user's key encryption key, the new key encryption key 38.

In an alternative preferred embodiment, in which the content is to be re-encrypted, a different key may be used, either a single key for content-re-encryption and for key encryption, or different keys for content-re-encryption and for key encryption. Performing content re-encryption is believed to be more secure but may require more hardware to perform encryption of content. Alternatively, primary encryption using the original content provider's key and secondary local encryption of a simple type could be performed. In the alternative preferred embodiment of the present invention, where new electronic content 41 is re-encrypted such as, for example, with the new key encryption key 38 (here used not only to encrypt a key but also to encrypt content), such encryption preferably takes place “on the fly”, without storing the new electronic content 41 in the first content reader 14.

It is appreciated that various methods of re-encryption will occur to persons skilled in the art, and that any appropriate re-encryption method may be used.

The new key packet also preferably includes content rights information 22 and other optional metadata 24, now encrypted according to the new key encryption key 38.

It is noted that all of the key packet 12 may be encrypted according to the new key encryption key 38, or alternatively, only a portion thereof, such as the decryption keys for some of the dependent packets 26, may be so encrypted, while other decryption keys remain encrypted with key(s) 16. Smart card 30 also preferably marks electronic content 10 and key packet 12 as being unfit for use, i.e., undecodable or inaccessible, by first content reader 14.

First content reader 14 then transfers new key packet 40 and newly encrypted electronic content 41 to second content reader 28. If second content reader 28 sends a confirmation of receipt, first content reader 14 preferably deletes the now-unusable key packet 12 and may optionally delete the electronic content 10. However, it is noted that the method does not require irrevocable proof that second content reader 28 has received the content 10 and subsequent deletion of content 10 or key packet 12 by first content reader 14. First content reader 14 can repeatedly send new key packets and content to the second content reader 28, so that in a case of communication failure, second content reader 28 may request the key packets and content again.

The electronic content 41 and key packet 40 can be transferred from the second user to a third user, ad infinitum, in the same manner as the electronic content 10 and key packet 12 were transferred from the first user to the second user, as described hereinabove. In such a case, it is preferable that the first content reader 14 be incapable of repeatedly sending new key packets and content to second content reader 28. Instead, if second content reader 28 sends a confirmation of receipt or if a predetermined period of time has elapsed, first content reader 14 preferably deletes new key packet 40 and electronic content 41, thereby rendering first content reader 14 incapable of sending new key packets and content to the second user without repeating the entire process of the sale, in the case where the first user is entitled according to the content rights to sell it more than once.
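The chaining flow of FIG. 2 as an added sketch, not code from this specification: it models the variant in which content is sent without re-encryption and only the content key is re-wrapped, with resends allowed until receipt is confirmed. The names SmartCard, make_packet, seal and unseal are hypothetical, the key encryption key is modeled as a symmetric key handed over inside the card-to-card session, and an HMAC-SHA256 encrypt-then-MAC construction stands in for whatever cipher a real card would use.

```python
import hashlib
import hmac
import json
import secrets


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _stream(key, nonce, length):
    # HMAC-SHA256 in counter mode: stand-in keystream for this sketch only.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ks = _stream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Check the tag, then decrypt; raises ValueError on tampering."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("authentication failed")
    ks = _stream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))


def make_packet(content_id, owner_id, kek, content_key, rights):
    """Key packet: content key and rights sealed under the owner's KEK."""
    body = json.dumps({"key": content_key.hex(), "rights": rights}).encode()
    return {"content_id": content_id, "owner": owner_id, "sealed": seal(kek, body)}


class SmartCard:
    """Hypothetical trusted card: holds the KEK and enforces the chaining rules."""

    def __init__(self, user_id):
        self.user_id = user_id
        self.kek = secrets.token_bytes(32)  # this user's key encryption key
        self.packets = {}      # content_id -> key packet held by this user
        self.unusable = set()  # content ids marked unfit for use after transfer
        self.pending = {}      # content_id -> new packet kept for resends

    def install(self, packet):
        self.packets[packet["content_id"]] = packet
        self.unusable.discard(packet["content_id"])

    def _open(self, content_id):
        if content_id in self.unusable or content_id not in self.packets:
            raise PermissionError(f"{self.user_id}: no usable key packet")
        return json.loads(unseal(self.kek, self.packets[content_id]["sealed"]))

    def read(self, content_id, encrypted_content):
        key = bytes.fromhex(self._open(content_id)["key"])
        return unseal(key, encrypted_content)

    def handle_transfer_request(self, content_id, recipient_id, recipient_kek):
        body = self._open(content_id)  # fails if already transferred
        new_packet = make_packet(content_id, recipient_id, recipient_kek,
                                 bytes.fromhex(body["key"]), body["rights"])
        self.unusable.add(content_id)  # sender loses access before sending
        self.pending[content_id] = new_packet
        return new_packet

    def resend(self, content_id):
        return self.pending[content_id]  # KeyError once confirmed or expired

    def confirm_receipt(self, content_id):
        self.pending.pop(content_id, None)  # no further resends
        self.packets.pop(content_id, None)  # delete the now-unusable packet


def demo():
    alice, bob = SmartCard("alice"), SmartCard("bob")
    content_key = secrets.token_bytes(32)
    content = seal(content_key, b"constructed sample e-book text")
    alice.install(make_packet("book-1", "alice", alice.kek, content_key,
                              {"resale": True}))
    before = alice.read("book-1", content)
    packet = alice.handle_transfer_request("book-1", "bob", bob.kek)
    resent_same = alice.resend("book-1") is packet  # retry after a lost message
    bob.install(packet)
    alice.confirm_receipt("book-1")
    try:
        alice.read("book-1", content)
        alice_still_reads = True
    except PermissionError:
        alice_still_reads = False
    return before, bob.read("book-1", content), alice_still_reads, resent_same
```

The guarantee rests entirely on the card refusing to open a packet it has marked unusable, which is why the specification treats a “hacked” first card as the case the later deletions are meant to contain.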

As similarly described hereinabove, second smart card 32 preferably deletes its key packets and electronic content after sending them to the third user. This provides important added security to the method of the invention, in the event that first smart card 30 is “hacked” but second smart card 32 remains secure.

The term “hacked” in its various grammatical forms, as is well known in the art, refers to a case where an unscrupulous person causes a smart card or other secure device to behave in other than its intended manner, so that the hacked smart card can no longer be trusted to carry out its assigned operations and may now be arbitrarily forced to carry out unauthorized operations.

The basic method of the present invention, as shown, for example, in the preferred method of FIG. 2, can be varied to suit a particular user or application. For example, roll back of the transaction between the content readers 14 and 28 may be supported by repeating the transfer in the opposite direction. In another feature, the rights contained in the new key packet 40 may limit the price at which the content 10 may be transferred to less than the price paid by the first user. In yet another feature, the content 10 may be transferred along with additional material created by the first user at a price higher than the original content. As described above, the first user may or may not be limited in having the right to sell it to more than one “second” user.

The methods of the present invention thus enable transferring electronic content without having to enact the transaction via a clearinghouse or other central authority. It is clear from the foregoing description that the second user does not need to be another “end user”; rather, the second user can be the content provider 5 itself. In such a case, in contrast to the prior art, if the first user did not read or use the electronic content 10, the first user can indeed return the content 10 to the content provider 5 and receive his/her money back. (In the above described embodiment, this can be accomplished by storing in smart card 30 information as to which of the dependent packets 26 were accessed.) Alternatively, instead of paying back money, the content provider 5 can transfer tokens to the first user (e.g., bookstore coupons). In a case where the second user is the content provider 5 itself and the content is being “returned”, it is appreciated that the electronic content 10 itself need not actually be sent back to the content provider 5, as long as the electronic content 10 has been marked as inaccessible and/or deleted as described above.

It will be appreciated by persons skilled in the art that the present invention is not limited by what has been particularly shown and described hereinabove. Rather the scope of the present invention includes both combinations and subcombinations of the features described hereinabove as well as modifications and variations thereof which would occur to a person of skill in the art upon reading the foregoing description and which are not in the prior art.

1-34. (canceled)

35: A method for transferring electronic content, comprising: providing encrypted electronic content to a first user; providing said first user with a key packet, said key packet comprising: a decryption key for decrypting said encrypted electronic content; and content rights information; re-encrypting said electronic content, thereby producing re-encrypted electronic content; producing a second user key packet comprising: a second user decryption key for decrypting said re-encrypted electronic content; and second user content rights information; transferring said re-encrypted electronic content and said second user key packet from said first user to a second user; and rendering rights of said first user to said electronic content unusable upon transfer of said re-encrypted electronic content and said second user key packet from said first user to said second user.

36: The method according to claim 35 and wherein said re-encrypting comprises: decrypting said electronic content using said decryption key; and encrypting said electronic content to produce said re-encrypted electronic content.

37: The method according to claim 35 and wherein said re-encrypting comprises performing secondary encryption.

38: The method according to claim 35 and wherein said re-encrypting comprises re-encrypting “on-the-fly”.

39: The method according to claim 35 and wherein said second user key packet is decryptable using a key encryption key.

40: A method for transferring electronic content, comprising: providing encrypted electronic content to a first user; providing the first user with a key packet, said key packet comprising: a decryption key for decrypting said encrypted electronic content; and content rights information; the first user adding additional material to said electronic content, thereby producing extended electronic content; transferring said extended electronic content and a second user key packet from the first user to a second user; and rendering rights of the first user to said electronic content unusable upon transfer of said electronic content and said second user key packet from the first user to the second user.

41: The method according to claim 40 and also comprising: re-encrypting said extended electronic content, thereby producing re-encrypted extended electronic content; and producing the second user key packet, the second user key packet comprising: a second user decryption key; and second user content rights information.

42: The method according to claim 41 and wherein said re-encrypting comprises: decrypting said encrypted electronic content using said decryption key; and encrypting said extended electronic content to produce said re-encrypted extended electronic content.

43: The method according to claim 41 and wherein said re-encrypting comprises performing secondary encryption.

44: The method according to claim 41 and wherein said re-encrypting comprises re-encrypting “on-the-fly”.

45: The method according to claim 41 and wherein said second user key packet is decryptable using a key encryption key.

46: The method according to claim 40 and wherein said electronic content is associated with a first price payable by said first user and said extended electronic content is associated with a second price payable by said second user.

47: The method according to claim 46 and wherein said second price is higher than said first price.

48: The method according to claim 40 and wherein said second user key packet is divided into a main packet and at least one dependent packet.